CVE-2024-23111

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 7.4.3 FortiOS version 7.2 and earlier FortiOS version 7.0 and earlier FortiProxy versions prior to 7.4.2 FortiProxy version 7.2 and earlier FortiProxy version 7.0 and earlier

Description The issue is related to an improper neutralization of input during web page generation, which can be exploited by a remote attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. This can be achieved by sending specially formed HTTP requests to the reboot page of the affected systems.

Recommendations For FortiOS versions prior to 7.4.3, update to a version that includes the fix for this issue. For FortiOS version 7.2 and earlier, update to a version that includes the fix for this issue. For FortiOS version 7.0 and earlier, update to a version that includes the fix for this issue. For FortiProxy versions prior to 7.4.2, update to a version that includes the fix for this issue. For FortiProxy version 7.2 and earlier, update to a version that includes the fix for this issue. For FortiProxy version 7.0 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the reboot page to minimize the risk of exploitation.